Slashdot Mirror


Honeytokens: The Other Honeypot

martyros writes "I just read a fascinating article by Lance Spitzner (securityfocus.com) about a concept he calls honeytokens. The idea is similar to that of a honeypot, which he defines as "an information system resource whose value lies in unauthorized or illicit use of that resource". Rather than having a computer that's designed to be broken into, however, you have, say, a record in a database or a file that has no legitimate use; ergo, if anyone uses it, it must be illegitimate. An example he gives: adding a record to the hospital database for a guy named "John F. Kennedy". It doesn't correspond to a real person, so no one has any business looking at the file. If someone does access it, you know that they're abusing their privileges somehow. The article has several other clever examples, which I found very thought-provoking."
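As an added example (not from the post or from Spitzner's article), here is one way to detect access to such a decoy record in a database audit log. The log format, record IDs and user names are constructed for illustration, and matching is done on the record ID rather than the patient name.

```python
import re
from collections import defaultdict

# Constructed: primary keys of decoy patient rows that no workflow ever needs.
HONEYTOKEN_IDS = {"P-900001"}

# Constructed audit-log format: timestamp user action record_ids rows=<n>
SAMPLE_LOG = """\
2003-07-21T09:14:02 nurse_amy SELECT P-104233 rows=1
2003-07-21T09:15:40 dr_lee SELECT P-104233,P-104871 rows=2
2003-07-21T23:02:11 clerk_bob SELECT P-900001 rows=1
2003-07-21T23:05:37 clerk_bob SELECT P-900001 rows=1
2003-07-22T02:00:00 backup_svc SELECT P-104233,P-104871,P-900001 rows=3
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<action>[A-Z]+) (?P<ids>\S+) rows=(?P<rows>\d+)$"
)

def find_honeytoken_hits(log_text, token_ids=HONEYTOKEN_IDS):
    """Return {user: {first_seen, count, targeted}} for users whose queries returned a decoy row."""
    hits = defaultdict(lambda: {"first_seen": None, "count": 0, "targeted": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the audit format
        touched = set(m["ids"].split(",")) & token_ids
        if not touched:
            continue
        entry = hits[m["user"]]
        entry["first_seen"] = entry["first_seen"] or m["ts"]
        entry["count"] += 1
        # A query that returned only decoy rows was aimed at the decoy;
        # a bulk read that swept it up (e.g. a backup job) is counted separately.
        if int(m["rows"]) == len(touched):
            entry["targeted"] += 1
    return dict(hits)

if __name__ == "__main__":
    for user, info in find_honeytoken_hits(SAMPLE_LOG).items():
        kind = "TARGETED" if info["targeted"] else "bulk"
        print(f"{kind:8} {user} first={info['first_seen']} hits={info['count']}")
```

Separating targeted lookups from bulk reads keeps scheduled jobs that legitimately scan the whole table from drowning out the accesses that matter.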

15 of 427 comments

  1. Or maybe there's just someone by Anonymous Coward · · Score: 1, Funny

    named John F. Kennedy at your hospital?

  2. I do this already by L. VeGas · · Score: 5, Funny

    By placing arsenic in your water bottle that you leave in the refrigerator, you can tell who's been pilfering your lunch.

    1. Re:I do this already by Jaguar777 · · Score: 2, Funny

      > By placing arsenic in your water bottle that you leave in the refrigerator, you can tell who's been pilfering your lunch.

      I prefer to use a bottle of honey. You catch more people that way. I even tried vinegar, but honey works best :)

      --
      Maybe you should educate the morons of tomorrow so they'll stop believing the leaders of tomorrow. - Dogbert
    2. Re:I do this already by dschl · · Score: 4, Funny

      I have heard stories of leaving gloves dusted with dye powder (same stuff used in money shipments) in your locker, just for the glove-thief on drilling rig crews. You always know who is stealing your gloves, but the bright red hands of the thief let everyone else know, too. If you are feeling a little bit nastier, you dust the inside of the glove with caustic, and then leave it in your locker for the glove thief. The caustic is a bit more dangerous, because if he rubs his eyes just before his fingers start burning, it could cause severe eye damage.

      The lunch thief in my drilling crew was the motorman, who did five years in Kingston pen for armed robbery. Claimed he was "reformed", so I guess he didn't really consider sandwich theft to be much of a crime. I was tempted to add ex-lax or something worse just for him, but never got around to it.

      --
      Slashdot - the place where you can look like a genius by restating the obvious
  3. Been around for awhile by miyako · · Score: 5, Funny

    ...several years in fact, although in a different form.
    A while back a bunch of businesses created a website called slashdot to monitor people who were surfing the net instead of doing work.

    --
    Famous Last Words: "hmm...wikipedia says it's edible"
  4. Re:Search? by WindBourne · · Score: 2, Funny

    > Does that mean the person was in the wrong place?

    Well, yes. He is supposed to be in the Arlington National Cemetery, not a hospital.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  5. Re:Nothing new here, move along by AndroidCat · · Score: 4, Funny

    Encyclopaedias have done this for ages too. Make up a boring tiny entry for .. Boring Arkansas, and wait for a rival to copy it, then sue them. (Apologies if there is a Boring Arkansas, I am so sorry for you.)

    --
    One line blog. I hear that they're called Twitters now.
  6. Re:oh, you mean like my penis? by nightsweat · · Score: 2, Funny

    I'm pretty sure you can leave access to that thing wide open and it'll still be as safe and untouched as if it were translated to Navajo and encrypted with 3DES.

    --
    the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
  7. Re:Popular anti-spam technique by DeltaSigma · · Score: 2, Funny

    I do the same thing, except I harvest e-mail addresses from slashdot and post those.

  8. Re:Not new at all... dictionaries, maps, etc. by Tumbleweed · · Score: 2, Funny

    > Dictionaries contain false entries intended to serve as markers and preserve the collection copyright.

    That must be where that word 'nukyuler' comes from that I keep hearing W use, right?

  9. Re:Similar to anti-spam provisions by BlueWonder · · Score: 2, Funny

    > Didn't Cliff Stoll do something like this when he was tracking down hackers at LLNL?

    No.

    Cliff Stoll did something like this when he was tracking down hackers at LBL.

    The article probably wouldn't have mentioned Cliff for using this technique if he hadn't. :-)

  10. Re:Or they made a mistake by Big Jason · · Score: 2, Funny

    By that logic, I, the UNIX Admin, should give you the root password because you think you need it to write some half-ass code, or do a "chmod -Rf 777 ..". DBAs and SAs exist to *manage* the environment, your job is to write shoddy code.

  11. Re:Nothing new here, move along by valkraider · · Score: 2, Funny

    There is a Boring, Oregon.

    There is a city nearby called Oregon City which leads us to this wonderful sign.

  12. Re:Old, old idea. by ralmeida · · Score: 3, Funny

    Yeah, I have this really, really, really good joke, but I can't tell you because I use it as a honeytoken.

    I also have a simple proof of Fermat's Last Theorem, but it's being used as a honeytoken also. Sorry.

    --
    This space left intentionally blank.
  13. Re:Or they made a mistake by ahaning · · Score: 3, Funny

    So, when my shortest-path solutions come out oddly for my GIS labs, can I explain in my report that the problem could be that John F. Kennedy Boulevard doesn't actually exist?

    --
    Withdrawal before climax is very ineffective and those who try this are usually called "parents."